ACK: [CVE-2011-4347] kvm device assignment permissions checks
Seth Forshee
seth.forshee at canonical.com
Tue Feb 28 16:49:07 UTC 2012
On Tue, Feb 28, 2012 at 03:11:49PM +0000, Andy Whitcroft wrote:
> CVE-2011-4347
> It was found that kvm_vm_ioctl_assign_device function did not check
> if the user requesting assignment was privileged or not. Together
> with /dev/kvm being 666, unprivileged user could assign unused
> pci devices, or even devices that were in use and whose resources
> were not properly claimed by the respective drivers. Please note
> that privileged access was still needed to re-program the device
> to for example issue DMA requests. This is typically achieved by
> touching files on sysfs filesystem. These files are usually not
> accessible to unprivileged users. As a result, local user could
> use this flaw to crash the system.
>
> Following this email are two patches. The first is for lucid and is a
> backport from the upstream commit following the code back to an older
> filename. The second is for maverick, natty, and oneiric and is also a
> minor backport from the upstream commit, dropping the documentation
> updates for the older releases.
>
> Proposing for lucid, maverick, natty and oneiric.
>
> -apw
Acked-by: Seth Forshee <seth.forshee at canonical.com>
More information about the kernel-team
mailing list